Draytek

CVE VENDORS PRODUCTS UPDATED PUBLISHED CVSS
CVE-2024-51249 1Draytek 1Vigor3900 Firmware Apr 11, 2025 Nov 4, 2024 N/A· v4 8.0 HIGH· v3 N/A· v2 In Draytek Vigor3900 1.5.1.3, attackers can inject malicious commands into mainfunction.cgi and execute arbitrary commands by calling the reboot function.
CVE-2024-51246 1Draytek 1Vigor3900 Firmware Apr 11, 2025 Nov 4, 2024 N/A· v4 8.0 HIGH· v3 N/A· v2 In Draytek Vigor3900 1.5.1.3, attackers can inject malicious commands into mainfunction.cgi and execute arbitrary commands by calling the doPPTP function.
CVE-2024-51252 1Draytek 1Vigor3900 Firmware Nov 5, 2024 Nov 1, 2024 N/A· v4 9.8 CRITICAL· v3 N/A· v2 In Draytek Vigor3900 1.5.1.3, attackers can inject malicious commands into mainfunction.cgi and execute arbitrary commands by calling the restore function.
CVE-2024-51248 1Draytek 1Vigor3900 Firmware Nov 5, 2024 Nov 1, 2024 N/A· v4 8.8 HIGH· v3 N/A· v2 In Draytek Vigor3900 1.5.1.3, attackers can inject malicious commands into mainfunction.cgi and execute arbitrary commands by calling the modifyrow function.
CVE-2024-51247 1Draytek 1Vigor3900 Firmware Nov 5, 2024 Nov 1, 2024 N/A· v4 8.8 HIGH· v3 N/A· v2 In Draytek Vigor3900 1.5.1.3, attackers can inject malicious commands into mainfunction.cgi and execute arbitrary commands by calling the doPPPo function.
CVE-2024-51245 1Draytek 1Vigor3900 Firmware Nov 5, 2024 Nov 1, 2024 N/A· v4 8.8 HIGH· v3 N/A· v2 In DrayTek Vigor3900 1.5.1.3, attackers can inject malicious commands into mainfunction.cgi and execute arbitrary commands by calling the rename_table function.
CVE-2024-51244 1Draytek 1Vigor3900 Firmware Nov 5, 2024 Nov 1, 2024 N/A· v4 8.8 HIGH· v3 N/A· v2 In Draytek Vigor3900 1.5.1.3, attackers can inject malicious commands into mainfunction.cgi and execute arbitrary commands by calling the doIPSec function.
CVE-2024-51260 1Draytek 1Vigor3900 Firmware Apr 10, 2025 Oct 31, 2024 N/A· v4 9.8 CRITICAL· v3 N/A· v2 DrayTek Vigor3900 1.5.1.3 allows attackers to inject malicious commands into mainfunction.cgi and execute arbitrary commands by calling the acme_process function.
CVE-2024-51255 1Draytek 1Vigor3900 Firmware Apr 10, 2025 Oct 31, 2024 N/A· v4 9.8 CRITICAL· v3 N/A· v2 DrayTek Vigor3900 1.5.1.3 allows attackers to inject malicious commands into mainfunction.cgi and execute arbitrary commands by calling the ruequest_certificate function.
CVE-2024-51259 1Draytek 1Vigor3900 Firmware Apr 10, 2025 Oct 31, 2024 N/A· v4 9.8 CRITICAL· v3 N/A· v2 DrayTek Vigor3900 1.5.1.3 allows attackers to inject malicious commands into mainfunction.cgi and execute arbitrary commands by calling the setup_cacertificate function.
CVE-2024-51254 1Draytek 1Vigor3900 Firmware Apr 10, 2025 Oct 31, 2024 N/A· v4 8.8 HIGH· v3 N/A· v2 DrayTek Vigor3900 1.5.1.3 allows attackers to inject malicious commands into mainfunction.cgi and execute arbitrary commands by calling the sign_cacertificate function.
CVE-2024-51258 1Draytek 1Vigor3900 Firmware Apr 10, 2025 Oct 30, 2024 N/A· v4 8.8 HIGH· v3 N/A· v2 DrayTek Vigor3900 1.5.1.3 allows attackers to inject malicious commands into mainfunction.cgi and execute arbitrary commands by calling the doSSLTunnel function.
CVE-2024-51301 1Draytek 1Vigor3900 Firmware Apr 10, 2025 Oct 30, 2024 N/A· v4 8.8 HIGH· v3 N/A· v2 In Draytek Vigor3900 1.5.1.3, attackers can inject malicious commands into mainfunction.cgi and execute arbitrary commands by calling the packet_monitor function.
CVE-2024-51300 1Draytek 1Vigor3900 Firmware Apr 10, 2025 Oct 30, 2024 N/A· v4 8.8 HIGH· v3 N/A· v2 In Draytek Vigor3900 1.5.1.3, attackers can inject malicious commands into mainfunction.cgi and execute arbitrary commands by calling the get_rrd function.
CVE-2024-51299 1Draytek 1Vigor3900 Firmware Apr 10, 2025 Oct 30, 2024 N/A· v4 8.8 HIGH· v3 N/A· v2 In Draytek Vigor3900 1.5.1.3, attackers can inject malicious commands into mainfunction.cgi and execute arbitrary commands by calling the dumpSyslog function.
CVE-2024-51298 1Draytek 1Vigor3900 Firmware Apr 10, 2025 Oct 30, 2024 N/A· v4 9.8 CRITICAL· v3 N/A· v2 In Draytek Vigor3900 1.5.1.3, attackers can inject malicious commands into mainfunction.cgi and execute arbitrary commands by calling the doGRETunnel function.
CVE-2024-51296 1Draytek 1Vigor3900 Firmware Apr 10, 2025 Oct 30, 2024 N/A· v4 8.8 HIGH· v3 N/A· v2 In Draytek Vigor3900 1.5.1.3, attackers can inject malicious commands into mainfunction.cgi and execute arbitrary commands by calling the pingtrace function.
CVE-2024-51257 1Draytek 1Vigor3900 Firmware Apr 10, 2025 Oct 30, 2024 N/A· v4 8.8 HIGH· v3 N/A· v2 DrayTek Vigor3900 1.5.1.3 allows attackers to inject malicious commands into mainfunction.cgi and execute arbitrary commands by calling the doCertificate function.
CVE-2024-51304 1Draytek 1Vigor3900 Firmware Apr 10, 2025 Oct 30, 2024 N/A· v4 8.8 HIGH· v3 N/A· v2 In Draytek Vigor3900 1.5.1.3, attackers can inject malicious commands into mainfunction.cgi and execute arbitrary commands by calling the ldap_search_dn function.
CVE-2024-48074 1Draytek 1Vigor2960 Firmware May 17, 2025 Oct 28, 2024 N/A· v4 8.0 HIGH· v3 N/A· v2 An authorized RCE vulnerability exists in the DrayTek Vigor2960 router version 1.4.4, where an attacker can place a malicious command into the table parameter of the doPPPoE function in the cgi-bin/mainfunction.cgi route...Show more An authorized RCE vulnerability exists in the DrayTek Vigor2960 router version 1.4.4, where an attacker can place a malicious command into the table parameter of the doPPPoE function in the cgi-bin/mainfunction.cgi route, and finally the command is executed by the system function.Show less

Previous 123 4 5 6 7 Next